diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go
index afd4cda4d..abaf674ff 100644
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@@ -263,7 +263,7 @@ func Setup(
 if !isAllowed {
 return util.JSONResponse{
 Code: http.StatusUnauthorized,
- JSON: jsonerror.Forbidden(""),
+ JSON: jsonerror.Forbidden("Unauthorised"),
 }
 }
@@ -352,6 +352,19 @@ func Setup(
 return util.ErrorResponse(err)
 }
+ isAllowedInviter, _ := authorization.IsAllowed(authz.AuthorizationArgs{
+ RoomId: vars["roomID"],
+ UserId: device.UserID,
+ Permission: authz.PermissionInvite,
+ })
+ if !isAllowedInviter {
+ return util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.Forbidden("Inviter not allowed"),
+ }
+ }
 return SendInvite(req, userAPI, device, vars["roomID"], cfg, rsAPI, asAPI)
 }),
 ).Methods(http.MethodPost, http.MethodOptions)
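Review bot: The new invite check in the second hunk discards the error from `authorization.IsAllowed` (`isAllowedInviter, _ := ...`), so a failure of the authorization backend is indistinguishable from a genuine denial and is never surfaced or logged; write `isAllowedInviter, err := authorization.IsAllowed(...)` and add `if err != nil { return util.ErrorResponse(err) }` before testing the boolean. The denial branch also pairs `Code: http.StatusUnauthorized` with a `jsonerror.Forbidden` body, which is inconsistent: a 401 signals to a Matrix client that its access token is invalid, whereas a permission denial for an already-authenticated device should be `Code: http.StatusForbidden`. The first hunk keeps the same 401/Forbidden pairing on the existing `!isAllowed` branch (only the message changes there) and would want the same correction. The enclosing Setup function starts and ends outside both hunks.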